CIS 551 / TCOM 401 Computer and Network Security. Spring 2006 Lecture 13
|
|
- Rose Bell
- 5 years ago
- Views:
Transcription
1 CIS 551 / TCOM 401 Computer and Network Security Spring 2006 Lecture 13
2 Announcements Talk today: 3:00 Wu & Chen Auditorium Boon Thau Loo "Declarative Networking: Extensible Networks with Declarative Queries" 3/2/06 CIS/TCOM 551 2
3 Recap Last time: Key distribution Needham-Schroeder Kerberos Today: SSH Human authentication & Passwords Skey authentication 3/2/06 CIS/TCOM 551 3
4 Secure Shell (SSH) Secure Shell (SSH) is a program to log into another computer over a network, to execute commands in a remote machine, and to move files from one machine to another. It provides strong authentication and secure communications over unsecure channels. It is intended as a replacement for telnet, rlogin, rsh, and rcp. 3/2/06 CIS/TCOM 551 4
5 SSH protocol (overview) See: RFC's 4250,4251,4252,4253,4254 Connection Setup / Version number exchange Session key exchange / Server Authentication Each side sends a list of preferred algorithms (e.g. Diffie-Hellman with certain parameters) Guess which algorithm is used by other side Optimistically send first message of key exchange (if guess is wrong the recipient will ignore it) Key exchange produces a shared key K and exchange hash H (used as a session identifier) Server authenticates by signing the hash H 3/2/06 CIS/TCOM 551 5
6 SSH Protocol Continued Client Authentication Negotiate an authentication mechanism Public key (RSA or DSA) Keys created using ssh-keygen facility Stored in ~/.ssh/identity.pub Password Kerberos /etc/hosts.equiv Transport Protocol Negotiate encryption type Connection Protocol (for shells) 3/2/06 CIS/TCOM 551 6
7 Encryption Ciphers SSH uses the following ciphers for encryption (with varying options for key sizes): Cipher SSH1 SSH2 DES yes no 3DES yes yes IDEA yes yes Blowfish yes yes Twofish no yes Arcfour no yes AES no yes Serpent no yes Cast128-cbc no yes 3/2/06 CIS/TCOM 551 7
8 SSH Protection ssh protects against (from the README): IP spoofing, where a remote host sends out packets which pretend to come from another, trusted host. DNS spoofing, where an attacker forges name server records Interception of cleartext passwords and other data by intermediate hosts Modification of data by people in control of intermediate hosts Attacks based on listening to X authentication data and spoofed connections to an X11 server In other words, ssh never trusts the net; somebody hostile who has taken over the network can only force ssh to disconnect, but cannot decrypt traffic, play back the traffic, or hijack the connection. 3/2/06 CIS/TCOM 551 8
9 SSH vs TELNET and RSH Security Telnet/rsh sends all communications in cleartext SSH encrypts all communications and optionally compresses X/Port Forwarding Makes it easy to run remote X applications (xterm, netscape) Can "tunnel" connections between two hosts Other Features Password-less logins via public/private key encryption Secure file copy (scp/sftp) - replacement for ftp/rcp 3/2/06 CIS/TCOM 551 9
10 Example Use Logging into hosts: Example: $ ssh -l username hostname $ ssh username@hostname $ ssh hostname $ ssh stevez@eniac.seas.upenn.edu uptime The authenticity of host 'eniac.seas.upenn.edu ( )' can't be established. RSA key fingerprint is bf:b1:e4:01:4c:d3:69:e2:83:8b:8d:f9:b7:06:a3:a9. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'eniac.seas.upenn.edu' (RSA) to the list of known hosts. stevez@eniac.seas.upenn.edu's password: <PASSWORD> 10:36am up 31 day(s), 17:47, 72 users, load average: 0.17, 0.19, /2/06 CIS/TCOM
11 SSH1 vs. SSH2 SSH1 Uses RSA, until recently had patent issues in US Also supports 3DES and Blowfish Some support IDEA, but OpenSSL lacks it Uses CRC for data integrity Flawed, attacks possible Less of a factor when using 3DES SSH2 Uses DSA, supported best in commercial SSH Not restricted by patents Uses a different approach to get around CRC issues SSH1 and SSH2 are not compatible with each other. 3/2/06 CIS/TCOM
12 Human Authentication We've seen how to do strong authentication for machines: Challenge Response What about people? 3/2/06 CIS/TCOM
13 Man vs. Machine Machine Good at authenticating other machines Good at mathematical manipulations, etc. Can handle keys, secrets, etc. Very good memory of things stored in it Man Good at identifying people Use small clues that when combined yield an unmistakable picture Voice Height 3/2/06 CIS/TCOM
14 Authenticating Humans: Foundations Authentication is based on one or more of the following: Something you know password Something you have driver s license, Penn Card Something inherent about you Biometrics, location What s the most common method of authentication? 3/2/06 CIS/TCOM
15 Passwords Shared code/phrase Client sends to authenticate Simple, right? How do you Establish them to begin with? Stop them from leaking? Stop them from being guessed? 3/2/06 CIS/TCOM
16 Prime Mover Problem Out of band Physical mail Attached to the box Piggybacking Swipe Penn Card to make PennKey Where does the chain stop? Penn Card -> drivers license -> birth certificate 3/2/06 CIS/TCOM
17 Leaks Social engineering "Hi, I'm Joe from CETS can you tell me your password?" Warnings Legal and responsibility Shared password == shared liability Writing the password down on paper 3/2/06 CIS/TCOM
18 Guessing The "no such user" mistake The "here's who we are" mistake Common words, phrases for passwords Null passwords, "password", username, backwards, etc. Dictionary attacks How bad is it? 3/2/06 CIS/TCOM
19 1979 Survey of 3,289 Passwords With no constraints on choice of password, Morris and Thompson got the following results: 15 were a single ASCII letter. 72 were strings of two ASCII letters. 464 were strings of three ASCII letters. 47 were strings of four alphanumerics. 706 were five letters, all upper-case or all lower-case. 605 were six letters, all lower case. 3/2/06 CIS/TCOM
20 1990s Surveys of 15K Passwords Klein (1990) and Spafford (1992) 2.7% guessed in 15 minutes 21% in a week Sounds ok? Not if the passwords last 30 days Tricks Letter substitutions, words backwards, common names, patterns, etc. Anything you can think of off the top of your head, a hacker can think of too Lazy users! Weakest link is always the way of the attack 3/2/06 CIS/TCOM
21 Heuristics for Guessing Attacks The dictionary with the words spelled backwards A list of first names (best obtained from some mailing list). Last names, street names, and city names also work well. The above with initial upper-case letters. All valid license plate numbers in your state. (About 5 hours work in 1979 for New Jersey.) Room numbers, social security numbers, telephone numbers, and the like. 3/2/06 CIS/TCOM
22 What makes a good password? Password Length 64 bits of randomness is hard to crack 64 bits is roughly 20 common ASCII characters But People can t remember random strings Longer not necessarily better: people write the passwords down Pass phrases English Text has roughly 1.3 random bits/char. Thus about 50 letters of English text Hard to type without making mistakes! In practice Non-dictionary, mixed case, mixed alphanumeric Not too short (or too long) 3/2/06 CIS/TCOM
23 Hacks on plaintext password file Is the password file readable by the OS? Then if I break the OS Can privileged users see the file? and make copies Is the file backed up somewhere insecure? Is the file in plaintext somewhere in memory? Core dump Fool the user A program that masquerades as the authentication program 3/2/06 CIS/TCOM
24 Counter-hacks Control-Alt-Del for logging in (establishes a trusted path) Slow down Make guessing take too long Encrypt the password file Salt" - to prevent duplicates Use one way hashes or encryptions on the passwords Password rules Min length, upper and lower case, no common words Use letters and numbers and symbols Change often Keep a password history Don't write it down! 3/2/06 CIS/TCOM
25 Add Salt Salt the passwords by adding random bits. Decreases the likelihood that two identical passwords will appear as identical entries in the password file. 12 bit salt results in 4,096 versions of each password. /etc/passwd entry: user_id salt u Hash(salt u + passwd u ) Actually most modern implementations use so-called shadow password files /etc/shadow that aren t world readable. 3/2/06 CIS/TCOM
26 Where does this lead us? Turn humans into machines? We want long, random, non-language passwords for security But we can't remember them Machine aided password generation Vax password suggestions One time passwords 3/2/06 CIS/TCOM
27 One Time Passwords Shared lists. Sequentially updated. One-time password sequences based on a one-way (hash) function. Used in practice: SKey mechanism 3/2/06 CIS/TCOM
28 Hash-based 1-time Passwords Alice identifies herself to verifier Bart using a well-known one-way hash function H. One-time setup. Alice chooses a secret w. Fixes a constant t for the number of times the authentication can be done. Alice securely transfers H t (w) to Bart H(H(H (H(w)) )) t times 3/2/06 CIS/TCOM
29 Hash-based 1-time Passwords Protocol actions. For session i, claimant A does the following to identify itself: A computes w = H (t-i) (w) and transmits the value to B. B checks that i is the correct session (i.e. that the previous session was i-1) and checks to see if H(v) = w where v was the last value provided by A (as part of session i-1). B saves w and i for use in the next session. 3/2/06 CIS/TCOM
30 One-time passwords: i th authentication Alice Bart {A, i, H (t-i) (w)} W H(-) Alice does the following to identify herself: A computes w = H (t-i) (w) and transmits the value to B. B checks that i is the correct session (i.e.. that the previous session was i-1) and checks to see if H(w ) = v where v was the last value provided by A (as part of session i-1). B saves w and i for use in the next session. H (t-i+1) (w), H(-) 3/2/06 CIS/TCOM
31 Why This 1-time Password Works It s hard to compute x from H(x). Even though attacker gets to see H (t-i) (x), they can t guess then next message H (t-(i+1)) (x). 3/2/06 CIS/TCOM
CIS 551 / TCOM 401 Computer and Network Security. Spring 2008 Lecture 19
CIS 551 / TCOM 401 Computer and Network Security Spring 2008 Lecture 19 Announcements Reminder: Project 3 is due *TOMORROW* night at 11:59 Plan for today: Authentication: SSH Human authentication One-time
More informationLinux Network Administration
Secure Remote Connections with OpenSSH Objective At the conclusion of this module, the student will be able to: Configure the ssh daemon start, stop, and restart sshd 17 January 2005 NETW 111 - SSH 2 SSH
More informationDigital Signatures. Public-Key Signatures. Arbitrated Signatures. Digital Signatures With Encryption. Terminology. Message Authentication Code (MAC)
Message Authentication Code (MAC) Key-dependent one-way hash function Only someone with a correct key can verify the hash value Easy way to turn one-way hash function into MAC is to encrypt hash value
More informationTELNET is short for Terminal Network Enables the establishment of a connection to a remote system, so that the local terminal appears to be the
Telnet/SSH TELNET is short for Terminal Network Enables the establishment of a connection to a remote system, so that the local terminal appears to be the terminal at the remote location. Usually establishes
More informationPractical Magic with SSH. By David F. Skoll Roaring Penguin Software Inc. 1 February
Practical Magic with SSH By David F. Skoll Roaring Penguin Software Inc. 1 February 2001 http://www.roaringpenguin.com dfs@roaringpenguin.com Overview of Presentation Why SSH? Problems with Telnet & Friends
More informationOpenSSH. 24th February ASBL CSRRT-LU (Computer Security Research and Response Team Luxembourg) 1 / 12
OpenSSH ASBL CSRRT-LU (Computer Security Research and Response Team Luxembourg) http://www.csrrt.org/ 24th February 2006 1 / 12 SSH - History 1995 Tatu Ylonen releases ssh-1.0.0 (Forms SSH Communications
More informationTransport Level Security
2 Transport Level Security : Security and Cryptography Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 28 October 2013 css322y13s2l12, Steve/Courses/2013/s2/css322/lectures/transport.tex,
More informationCryptography Application : SSH. 7 Sept 2017, Taichung, Taiwan
Cryptography Application : SSH 7 Sept 2017, Taichung, Taiwan What is Safely Authentication I am Assured of Which Host I am Talking With Authentication - The Host Knows Who I Am The Traffic is Encrypted
More informationCristina Nita-Rotaru. CS355: Cryptography. Lecture 17: X509. PGP. Authentication protocols. Key establishment.
CS355: Cryptography Lecture 17: X509. PGP. Authentication protocols. Key establishment. Public Keys and Trust Public Key:P A Secret key: S A Public Key:P B Secret key: S B How are public keys stored How
More informationLecture 3 - Passwords and Authentication
CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Lecture 3 - Passwords and Authentication CSE497b - Spring 2007 Introduction Computer and Network Security Professor
More informationSSH. Partly a tool, partly an application Features:
Internet security SSH 1 Secure Shell: SSH Partly a tool, partly an application Features: Encrypted login and shell connections Easy, drop-in replacements for rlogin, rsh, rcp Multiple means of authentication
More information9/30/2016. Cryptography Basics. Outline. Encryption/Decryption. Cryptanalysis. Caesar Cipher. Mono-Alphabetic Ciphers
Cryptography Basics IT443 Network Security Administration Slides courtesy of Bo Sheng Basic concepts in cryptography systems Secret cryptography Public cryptography 1 2 Encryption/Decryption Cryptanalysis
More informationComputer Security. 10. Exam 2 Review. Paul Krzyzanowski. Rutgers University. Spring 2017
Computer Security 10. Exam 2 Review Paul Krzyzanowski Rutgers University Spring 2017 March 23, 2018 CS 419 2017 Paul Krzyzanowski 1 Question 1(a) Suppose you come across some old text in the form GEPPQ
More informationCryptography Basics. IT443 Network Security Administration Slides courtesy of Bo Sheng
Cryptography Basics IT443 Network Security Administration Slides courtesy of Bo Sheng 1 Outline Basic concepts in cryptography systems Secret key cryptography Public key cryptography Hash functions 2 Encryption/Decryption
More informationUser Authentication. Modified By: Dr. Ramzi Saifan
User Authentication Modified By: Dr. Ramzi Saifan Authentication Verifying the identity of another entity Computer authenticating to another computer Person authenticating to a local/remote computer Important
More informationCSC 474 Network Security. Authentication. Identification
Computer Science CSC 474 Network Security Topic 6. Authentication CSC 474 Dr. Peng Ning 1 Authentication Authentication is the process of reliably verifying certain information. Examples User authentication
More informationComputer Security 4/12/19
Authentication Computer Security 09. Authentication Identification: who are you? Authentication: prove it Authorization: you can do it Paul Krzyzanowski Protocols such as Kerberos combine all three Rutgers
More informationSecurity Handshake Pitfalls
Hello Challenge R f(k, R f(k, R Problems: 1. Authentication is not mutual only authenticates Anyone can send the challenge R. f(k, R Problems: 1. Authentication is not mutual only authenticates Anyone
More informationLecture 3 - Passwords and Authentication
Lecture 3 - Passwords and Authentication CMPSC 443 - Spring 2012 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse443-s12 What is authentication? Reliably verifying
More informationPasswords CSC 193 WAKE FOREST. U N I V E R S I T Y Department of Computer Science. Spring 2014
Passwords CSC 193 WAKE FOREST U N I V E R S I T Y Department of Computer Science Spring 2014 Unix Passwords In Unix, users are identified by user names Authenticated by passwords Therefore to login as
More information10/1/2015. Authentication. Outline. Authentication. Authentication Mechanisms. Authentication Mechanisms. Authentication Mechanisms
Authentication IT443 Network Security Administration Instructor: Bo Sheng Authentication Mechanisms Key Distribution Center and Certificate Authorities Session Key 1 2 Authentication Authentication is
More informationAIT 682: Network and Systems Security
AIT 682: Network and Systems Security Topic 6. Authentication Instructor: Dr. Kun Sun Authentication Authentication is the process of reliably verifying certain information. Examples User authentication
More informationAuthentication. Identification. AIT 682: Network and Systems Security
AIT 682: Network and Systems Security Topic 6. Authentication Instructor: Dr. Kun Sun Authentication Authentication is the process of reliably verifying certain information. Examples User authentication
More informationPassword. authentication through passwords
Password authentication through passwords Human beings Short keys; possibly used to generate longer keys Dictionary attack: adversary tries more common keys (easy with a large set of users) Trojan horse
More informationUser Authentication. Modified By: Dr. Ramzi Saifan
User Authentication Modified By: Dr. Ramzi Saifan Authentication Verifying the identity of another entity Computer authenticating to another computer Person authenticating to a local/remote computer Important
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Michael J. Fischer Lecture 24 April 16, 2012 CPSC 467b, Lecture 24 1/33 Kerberos Secure Shell (SSH) Transport Layer Security (TLS) Digital Rights Management
More informationThe World Wide Web is widely used by businesses, government agencies, and many individuals. But the Internet and the Web are extremely vulnerable to
1 The World Wide Web is widely used by businesses, government agencies, and many individuals. But the Internet and the Web are extremely vulnerable to compromises of various sorts, with a range of threats
More informationCIS 6930/4930 Computer and Network Security. Topic 6.2 Authentication Protocols
CIS 6930/4930 Computer and Network Security Topic 6.2 Authentication Protocols 1 Authentication Handshakes Secure communication almost always includes an initial authentication handshake. Authenticate
More informationCryptography (Overview)
Cryptography (Overview) Some history Caesar cipher, rot13 substitution ciphers, etc. Enigma (Turing) Modern secret key cryptography DES, AES Public key cryptography RSA, digital signatures Cryptography
More informationOutline. Login w/ Shared Secret: Variant 1. Login With Shared Secret: Variant 2. Login Only Authentication (One Way) Mutual Authentication
Outline Security Handshake Pitfalls (Chapter 11 & 12.2) Login Only Authentication (One Way) Login i w/ Shared Secret One-way Public Key Lamport s Hash Mutual Authentication Shared Secret Public Keys Timestamps
More informationAuthentication CHAPTER 17
Authentication CHAPTER 17 Authentication Authentication is the process by which you decide that someone is who they say they are and therefore permitted to access the requested resources. getting entrance
More informationCIS 6930/4930 Computer and Network Security. Topic 6. Authentication
CIS 6930/4930 Computer and Network Security Topic 6. Authentication 1 Authentication Authentication is the process of reliably verifying certain information. Examples User authentication Allow a user to
More informationCS530 Authentication
CS530 Authentication Bill Cheng http://merlot.usc.edu/cs530-s10 1 Identification vs. Authentication Identification associating an identity (or a claimed identity) with an individual, process, or request
More informationTransport Layer Security
CEN585 Computer and Network Security Transport Layer Security Dr. Mostafa Dahshan Department of Computer Engineering College of Computer and Information Sciences King Saud University mdahshan@ksu.edu.sa
More informationProving who you are. Passwords and TLS
Proving who you are Passwords and TLS Basic, fundamental problem Client ( user ) How do you prove to someone that you are who you claim to be? Any system with access control must solve this Users and servers
More informationUser Authentication. E.g., How can I tell you re you?
User Authentication E.g., How can I tell you re you? 1 The Basics Unlike real world authentication (e.g., you recognize someone s voice over the phone) computer can t recognize someone (well, not in the
More informationSecure Remote Access: SSH & HTTPS
Secure Remote Access: SSH & HTTPS What is SSH? SSH Secure Shell SSH is a protocol for secure remote login and other secure network services over an insecure network developed by SSH Communications Security
More informationWorksheet - Reading Guide for Keys and Passwords
Unit 2 Lesson 15 Name(s) Period Date Worksheet - Reading Guide for Keys and Passwords Background Algorithms vs. Keys. An algorithm is how to execute the encryption and decryption and key is the secret
More informationCNT4406/5412 Network Security
CNT4406/5412 Network Security Authentication Zhi Wang Florida State University Fall 2014 Zhi Wang (FSU) CNT4406/5412 Network Security Fall 2014 1 / 43 Introduction Introduction Authentication is the process
More informationOverview. Terminology. Password Storage
Class: CSG254 Network Security Team: Enigma (team 2) Kevin Kingsbury Tejas Parikh Tony Ryan Shenghan Zhang Assignment: PS3 Secure IM system Overview Our system uses a server to store the passwords, and
More informationUser Authentication Protocols Week 7
User Authentication Protocols Week 7 CEN-5079: 2.October.2017 1 Announcement Homework 1 is posted on the class webpage Due in 2 weeks 10 points (out of 100) subtracted each late day CEN-5079: 2.October.2017
More informationInformation Security CS 526
Information Security CS 526 Topic 7: User Authentication CS526 Topic 7: User Authentication 1 Readings for This Lecture Wikipedia Password Password strength Salt_(cryptography) Password cracking Trusted
More informationSPOOFING. Information Security in Systems & Networks Public Development Program. Sanjay Goel University at Albany, SUNY Fall 2006
SPOOFING Information Security in Systems & Networks Public Development Program Sanjay Goel University at Albany, SUNY Fall 2006 1 Learning Objectives Students should be able to: Determine relevance of
More informationModule: Cryptographic Protocols. Professor Patrick McDaniel Spring CMPSC443 - Introduction to Computer and Network Security
CMPSC443 - Introduction to Computer and Network Security Module: Cryptographic Protocols Professor Patrick McDaniel Spring 2009 1 Key Distribution/Agreement Key Distribution is the process where we assign
More informationInformation Security CS 526
Information Security CS 526 Topic 7: User Authentication CS526 Topic 7: User Authentication 1 Readings for This Lecture Wikipedia Password Password strength Salt_(cryptography) Password cracking Trusted
More information(2½ hours) Total Marks: 75
(2½ hours) Total Marks: 75 N. B.: (1) All questions are compulsory. (2) Makesuitable assumptions wherever necessary and state the assumptions made. (3) Answers to the same question must be written together.
More informationOperating systems and security - Overview
Operating systems and security - Overview Protection in Operating systems Protected objects Protecting memory, files User authentication, especially passwords Trusted operating systems, security kernels,
More informationOperating systems and security - Overview
Operating systems and security - Overview Protection in Operating systems Protected objects Protecting memory, files User authentication, especially passwords Trusted operating systems, security kernels,
More informationWhat is Secure. Authenticated I know who I am talking to. Our communication is Encrypted
Crypto App - SSH 1 What is Secure Authenticated I know who I am talking to Our communication is Encrypted Telnet clear text Servers Terminal clear text Routers SSH encrypted channel encrypted text Servers
More informationECEN 5022 Cryptography
Introduction University of Colorado Spring 2008 Historically, cryptography is the science and study of secret writing (Greek: kryptos = hidden, graphein = to write). Modern cryptography also includes such
More informationGoals. Understand UNIX pw system. Understand Lamport s hash and its vulnerabilities. How it works How to attack
Last Updated: Nov 7, 2017 Goals Understand UNIX pw system How it works How to attack Understand Lamport s hash and its vulnerabilities History of UNIX passwords Originally the actual passwords were stored
More informationBasic Concepts and Definitions. CSC/ECE 574 Computer and Network Security. Outline
CSC/ECE 574 Computer and Network Security Topic 2. Introduction to Cryptography 1 Outline Basic Crypto Concepts and Definitions Some Early (Breakable) Cryptosystems Key Issues 2 Basic Concepts and Definitions
More informationL13. Reviews. Rocky K. C. Chang, April 10, 2015
L13. Reviews Rocky K. C. Chang, April 10, 2015 1 Foci of this course Understand the 3 fundamental cryptographic functions and how they are used in network security. Understand the main elements in securing
More informationComputer Security. 08. Authentication. Paul Krzyzanowski. Rutgers University. Spring 2018
Computer Security 08. Authentication Paul Krzyzanowski Rutgers University Spring 2018 1 Authentication Identification: who are you? Authentication: prove it Authorization: you can do it Protocols such
More informationThe OpenSSH Protocol under the Hood
The OpenSSH Protocol under the Hood Girish Venkatachalam Abstract The nitty-gritty details as to what OpenSSH is and why it is ubiquitous. Is there a program more commonly used in day-to-day Linux computing
More information1.264 Lecture 27. Security protocols Symmetric cryptography. Next class: Anderson chapter 10. Exercise due after class
1.264 Lecture 27 Security protocols Symmetric cryptography Next class: Anderson chapter 10. Exercise due after class 1 Exercise: hotel keys What is the protocol? What attacks are possible? Copy Cut and
More informationCPSC 467: Cryptography and Computer Security
CPSC 467: Cryptography and Computer Security Michael J. Fischer Lecture 24a December 2, 2013 CPSC 467, Lecture 24a 1/20 Secure Shell (SSH) Transport Layer Security (TLS) Digital Rights Management and Trusted
More informationSecurity issues: Encryption algorithms. Threats Methods of attack. Secret-key Public-key Hybrid protocols. CS550: Distributed OS.
Security issues: Threats Methods of attack Encryption algorithms Secret-key Public-key Hybrid protocols Lecture 15 Page 2 1965-75 1975-89 1990-99 Current Platforms Multi-user timesharing computers Distributed
More informationInformation Security CS 526
Information Security CS 526 Topic 14: Key Distribution & Agreement, Secure Communication Topic 14: Secure Communication 1 Readings for This Lecture On Wikipedia Needham-Schroeder protocol (only the symmetric
More informationCS 470 Spring Security. Mike Lam, Professor. a.k.a. Why on earth do Alice and Bob need to talk so much?!? Content taken from the following:
50fb6be35f4c3105 9d4ed08fb86d8887 b746c452a9c9443b 15b22f450c76218e CS 470 Spring 2017 9df7031cdbff9d10 b700a92855f16328 5b757e66d2131841 62fedd7d9131e42e Mike Lam, Professor Security a.k.a. Why on earth
More informationComputer Security. 10r. Recitation assignment & concept review. Paul Krzyzanowski. Rutgers University. Spring 2018
Computer Security 10r. Recitation assignment & concept review Paul Krzyzanowski Rutgers University Spring 2018 April 3, 2018 CS 419 2018 Paul Krzyzanowski 1 1. What is a necessary condition for perfect
More informationCS 332 Computer Networks Security
CS 332 Computer Networks Security Professor Szajda Last Time We talked about mobility as a matter of context: How is mobility handled as you move around a room? Between rooms in the same building? As your
More informationCSC 8560 Computer Networks: Network Security
CSC 8560 Computer Networks: Network Security Professor Henry Carter Fall 2017 Last Time We talked about mobility as a matter of context: How is mobility handled as you move around a room? Between rooms
More information6. Security Handshake Pitfalls Contents
Contents 1 / 45 6.1 Introduction 6.2 Log-in Only 6.3 Mutual Authentication 6.4 Integrity/Encryption of Data 6.5 Mediated Authentication (with KDC) 6.6 Bellovin-Merrit 6.7 Network Log-in and Password Guessing
More informationCryptography - SSH. Network Security Workshop May 2017 Phnom Penh, Cambodia
Cryptography - SSH Network Security Workshop 29-31 May 2017 Phnom Penh, Cambodia What is Safely Authentication I know who I am talking with Our communication is Encrypted Telnet Servers Terminal Routers
More informationSSH. What is Safely 6/19/ June 2018 PacNOG 22, Honiara, Solomon Islands Supported by:
SSH 25-29 June 2018 PacNOG 22, Honiara, Solomon Islands Supported by: Issue Date: Revision: 1 What is Safely Authentication I am Assured of Which Host I am Talking With Authentication - The Host Knows
More informationCSCI 454/554 Computer and Network Security. Topic 2. Introduction to Cryptography
CSCI 454/554 Computer and Network Security Topic 2. Introduction to Cryptography Outline Basic Crypto Concepts and Definitions Some Early (Breakable) Cryptosystems Key Issues 2 Basic Concepts and Definitions
More informationUser Authentication Protocols
User Authentication Protocols Class 5 Stallings: Ch 15 CIS-5370: 26.September.2016 1 Announcement Homework 1 is due today by end of class CIS-5370: 26.September.2016 2 User Authentication The process of
More informationLecture 30. Cryptography. Symmetric Key Cryptography. Key Exchange. Advanced Encryption Standard (AES) DES. Security April 11, 2005
Lecture 30 Security April 11, 2005 Cryptography K A ciphertext Figure 7.3 goes here K B symmetric-key crypto: sender, receiver keys identical public-key crypto: encrypt key public, decrypt key secret Symmetric
More informationCryptography - SSH. Network Security Workshop. 3-5 October 2017 Port Moresby, Papua New Guinea
Cryptography - SSH Network Security Workshop 3-5 October 2017 Port Moresby, Papua New Guinea 1 What is Secure Authentication I know who I am talking to Our communication is Encrypted Telnet Servers Terminal
More informationOutline. Cryptography. Encryption/Decryption. Basic Concepts and Definitions. Cryptography vs. Steganography. Cryptography: the art of secret writing
Outline CSCI 454/554 Computer and Network Security Basic Crypto Concepts and Definitions Some Early (Breakable) Cryptosystems Key Issues Topic 2. Introduction to Cryptography 2 Cryptography Basic Concepts
More informationComputer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018
Computer Security 08r. Pre-exam 2 Last-minute Review Cryptography Paul Krzyzanowski Rutgers University Spring 2018 March 26, 2018 CS 419 2018 Paul Krzyzanowski 1 Cryptographic Systems March 26, 2018 CS
More informationCIS 4360 Introduction to Computer Security Fall WITH ANSWERS in bold. First Midterm
CIS 4360 Introduction to Computer Security Fall 2010 WITH ANSWERS in bold Name:.................................... Number:............ First Midterm Instructions This is a closed-book examination. Maximum
More informationIntroduction to Cryptography. Vasil Slavov William Jewell College
Introduction to Cryptography Vasil Slavov William Jewell College Crypto definitions Cryptography studies how to keep messages secure Cryptanalysis studies how to break ciphertext Cryptology branch of mathematics,
More informationPractical Aspects of Modern Cryptography
Practical Aspects of Modern Cryptography Lecture 3: Symmetric s and Hash Functions Josh Benaloh & Brian LaMacchia Meet Alice and Bob Alice Bob Message Modern Symmetric s Setup: Alice wants to send a private
More informationCryptography Application : SSH. Cyber Security & Network Security March, 2017 Dhaka, Bangladesh
Cryptography Application : SSH Cyber Security & Network Security 20-22 March, 2017 Dhaka, Bangladesh Issue Date: [31-12-2015] Revision: [v.1] What is Safely Authentication I am Assured of Which Host I
More information0/41. Alice Who? Authentication Protocols. Andreas Zeller/Stephan Neuhaus. Lehrstuhl Softwaretechnik Universität des Saarlandes, Saarbrücken
0/41 Alice Who? Authentication Protocols Andreas Zeller/Stephan Neuhaus Lehrstuhl Softwaretechnik Universität des Saarlandes, Saarbrücken The Menu 1/41 Simple Authentication Protocols The Menu 1/41 Simple
More informationComputer Security: Principles and Practice
Computer Security: Principles and Practice Chapter 3 User Authentication First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown User Authentication fundamental security building
More informationComputer Security 3/20/18
Authentication Identification: who are you? Authentication: prove it Computer Security 08. Authentication Authorization: you can do it Protocols such as Kerberos combine all three Paul Krzyzanowski Rutgers
More informationWhat is Authentication? All requests for resources have to be monitored. Every request must be authenticated and authorized to use the resource.
P1L4 Authentication What is Authentication? All requests for resources have to be monitored. Every request must be authenticated and authorized to use the resource. Authentication: Who are you? Prove it.
More information===============================================================================
We have looked at how to use public key crypto (mixed with just the right amount of trust) for a website to authenticate itself to a user's browser. What about when Alice needs to authenticate herself
More informationStrong Password Protocols
Strong Password Protocols Strong Password Protocols Password authentication over a network Transmit password in the clear. Open to password sniffing. Open to impersonation of server. Do Diffie-Hellman
More informationCS 161 Computer Security
Paxson Spring 2011 CS 161 Computer Security Discussion 9 March 30, 2011 Question 1 Another Use for Hash Functions (8 min) The traditional Unix system for password authentication works more or less like
More informationMicrosoft Exam Security fundamentals Version: 9.0 [ Total Questions: 123 ]
s@lm@n Microsoft Exam 98-367 Security fundamentals Version: 9.0 [ Total Questions: 123 ] Question No : 1 The Active Directory controls, enforces, and assigns security policies and access rights for all
More informationAN TOÀN LỚP 4: TCP/IP ATTACKS NGUYEN HONG SON PTITHCM
1 AN TOÀN LỚP 4: TCP/IP ATTACKS NGUYEN HONG SON PTITHCM 2 Introduction (1/2) TCP provides a full duplex reliable stream connection between two end points A connection is uniquely defined by the quadruple
More informationCSCE 548 Building Secure Software Entity Authentication. Professor Lisa Luo Spring 2018
CSCE 548 Building Secure Software Entity Authentication Professor Lisa Luo Spring 2018 Previous Class Important Applications of Crypto User Authentication verify the identity based on something you know
More informationSecurity Handshake Pitfalls
Security Handshake Pitfalls 1 Authentication Handshakes Secure communication almost always includes an initial authentication handshake: Authenticate each other Establish sessions keys This process may
More informationAPNIC elearning: Cryptography Basics
APNIC elearning: Cryptography Basics 27 MAY 2015 03:00 PM AEST Brisbane (UTC+10) Issue Date: Revision: Introduction Presenter Sheryl Hermoso Training Officer sheryl@apnic.net Specialties: Network Security
More informationAuthentication Handshakes
AIT 682: Network and Systems Security Topic 6.2 Authentication Protocols Instructor: Dr. Kun Sun Authentication Handshakes Secure communication almost always includes an initial authentication handshake.
More informationMan In The Middle Project completed by: John Ouimet and Kyle Newman
Man In The Middle Project completed by: John Ouimet and Kyle Newman What is MITM? Man in the middle attacks are a form of eves dropping where the attacker relays messages that are sent between victims
More informationIntroduction to Information Security Prof. V. Kamakoti Department of Computer Science and Engineering Indian Institute of Technology, Madras
Introduction to Information Security Prof. V. Kamakoti Department of Computer Science and Engineering Indian Institute of Technology, Madras Lecture 09 Now, we discuss about the insecurity of passwords.
More informationCS-630: Cyber and Network Security
CS-630: Cyber and Network Security Lecture # 6: Digital Signatures and Authentication Prof. Dr. Sfi Sufian Hameed Department of Computer Science Authentication Overview Authentication Passwords Secure
More informationInformation Security & Privacy
IS 2150 / TEL 2810 Information Security & Privacy James Joshi Associate Professor, SIS Lecture 8 Feb 24, 2015 Authentication, Identity 1 Objectives Understand/explain the issues related to, and utilize
More informationChapter 8 Security. Computer Networking: A Top Down Approach. 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012
Chapter 8 Security A note on the use of these ppt slides: We re making these slides freely available to all (faculty, students, readers). They re in PowerPoint form so you see the animations; and can add,
More informationOther Uses of Cryptography. Cryptography Goals. Basic Problem and Terminology. Other Uses of Cryptography. What Can Go Wrong? Why Do We Need a Key?
ryptography Goals Protect private communication in the public world and are shouting messages over a crowded room no one can understand what they are saying 1 Other Uses of ryptography Authentication should
More informationCS Computer Networks 1: Authentication
CS 3251- Computer Networks 1: Authentication Professor Patrick Traynor 4/14/11 Lecture 25 Announcements Homework 3 is due next class. Submit via T-Square or in person. Project 3 has been graded. Scores
More informationCSCI 667: Concepts of Computer Security. Lecture 9. Prof. Adwait Nadkarni
CSCI 667: Concepts of Computer Security Lecture 9 Prof. Adwait Nadkarni 1 Derived from slides by William Enck, Micah Sherr, Patrick McDaniel, Peng Ning, and Vitaly Shmatikov Authentication Alice? Bob?
More informationTotal points: 71. Total time: 75 minutes. 9 problems over 7 pages. No book, notes, or calculator
CMSC 414 F08 Exam 1 Page 1 of 10 Name: Total points: 71. Total time: 75 minutes. 9 problems over 7 pages. No book, notes, or calculator 1. [14 points] a. Are n=221 and e=3 valid numbers for RSA. Explain.
More informationICT 6541 Applied Cryptography Lecture 8 Entity Authentication/Identification
ICT 6541 Applied Cryptography Lecture 8 Entity Authentication/Identification Hossen Asiful Mustafa Introduction Entity Authentication is a technique designed to let one party prove the identity of another
More informationCSC 474/574 Information Systems Security
CSC 474/574 Information Systems Security Topic 3.3: Security Handshake Pitfalls CSC 474/574 Dr. Peng Ning 1 Authentication Handshakes Secure communication almost always includes an initial authentication
More information